About the role

The Data and Digital branch supports the National Archives in meeting its vision and achieving its strategic goals, through the provision of ICT services, technology, infrastructure, software, cybersecurity and the governance of its information and data assets.  It is also responsible for assisting Australian Government agencies to fulfil the National Archives’ data and information management requirements.

The Cyber Security section provides leadership and technical direction to strengthen the Cyber Security posture of the National Archives. The section manages and implements the National Archives security infrastructure and actively monitors the security of the environment and compliance with relevant government frameworks (including the Protective Security Policy Framework and Essential Eight Maturity Model).

The section is looking for a skilled and proactive individual who is keen to put their experience and knowledge into practice to help defend our organisation against current and future cyber threats. 

The successful candidate will have established communication skills, be experienced in collaborating with others, inquisitive and are knowledgeable in risk assessment and vulnerability management and have a strong working knowledge of relevant government frameworks.

Under limited direction the main duties of the role are to:

• Demonstrate knowledge and ability to apply the Australian Government Protective Security Policy Framework (PSPF), Information Security Manual (ISM) and Essential Eight Maturity Model in cyber security related decision making.
• Manage the escalation and investigation of cyber security incidents, NAA staff concerns or sensitive matters, and provide confidential advice to NAA’s HR and Physical Security teams where appropriate.
• Utilise the agencies Security Information and Event Management (SIEM) system to investigate and respond to cyber security concerns.
• Develop specialist scripts and searches that uplift NAA’s SIEMs capabilities and incident response.
• Undertake assessment activities (both manual and automated) to accurately measure NAA’s compliance against the of ACSC’s Essential Eight Maturity Model.
• Produce reports on Essential Eight assessment activities, including providing recommendations to system owners, the ITSA and Senior Executive on areas of concern or required improvements.
• Form strong working relationships with NAA (both in the IT teams as well as across the agency) and external parties (such as liaising with NAA’s external SOC provider and attending meetings and discussions with the ACSC).
• Perform vulnerability scanning and risk assessments across new and existing systems and applications for consideration by the ITSA and CISO.
• Assess changes to the PSPF, ISM and current and emerging ICT security technologies and provide advice on any required uplift activities.
• Maintain NAA’s Cyber Security framework suite including policies, plans and procedures.
• Manage and mentor junior cyber security staff.
• Apply the principles of APS Values, Code of Conduct, workplace diversity, work health and safety and participative management within a work and team environment.
• Promote and apply the National Archives’ Vision, Mission and Commitments as expressed in Strategy 2025–2030: Evolving National Archives and Our Values.

Relevant qualification/certifications in the field of Cyber Security or a proven history working in Cyber Security related role is highly desirable.

Eligibility

To be eligible for the role you must be an Australian citizen. If you are selected, you will be required to successfully undergo a pre-employment check and be able to obtain and maintain a security clearance at a Baseline clearance level.

How to apply

You need to apply through our e-recruitment system by clicking on the ‘Apply now’ button at the bottom of the vacancy listing.

Your application will need to include:

• the names and contact details of at least two referees, one of whom should be a current supervisor.
• your current resume.
• statement (750 words maximum), describing how your skills, knowledge, and experience/qualifications would enable you to perform the duties of the role taking into account the “Performance Expectations” at the relevant classification and the National Archives’ Vision, Mission and Commitments as expressed in Strategy 2025–2030: Evolving National Archives and Our Values.